Endpoint_Policy (object)

Policy to manage connections based on metadata and content

Properties (* = required):

name type(s) default allowed values description
class* string   “Endpoint_Policy”  
customStrategy       BIG-IP AS3 pointer to custom strategy declaration
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
rules array     List of policy rules, order is significant
strategy string “best-match” “all-match”, “best-match”, “first-match”, “custom” Rule-matching strategy; value ‘custom’ means BIG-IP AS3 requires a custom strategy (default is best-match)

Datagroup_Value (object)

Reference to a data-group containing the values

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Data-Group
use string     BIG-IP AS3 pointer to Data_Group

Endpoint_Policy_Rule (object)

A rule for an Endpoint policy that describes actions to perform on traffic matching given conditions

Properties (* = required):

name type(s) default allowed values description
actions array     Specifies the actions for the rule to execute
conditions array     Specifies the conditions for the rule to apply
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
name* string   “^[a-zA-Z0-9_-.:%]+$” Name of the endpoint policy rule
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks

Policy_Action (object)

LTM policy action

Properties (* = required):

name type(s) default allowed values description
/*/        
type* string   “http”, “httpCookie”, “httpHeader”, “httpRedirect”, “httpUri”, “botDefense”, “waf”, “forward”, “drop”, “clientSsl”, “persist”, “tcl”, “log” Selects the LTM policy action this object describes

Policy_Action_Bot_Defense (object)

Enable or disable Unified Bot Defense processing

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “client-accepted”, “proxy-request”, “request” When to run this event in the request-response cycle
profile object     Reference to a bot defense profile

Policy_Action_Bot_Defense.profile (object)

Reference to a bot defense profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP bot defense profile

Policy_Action_Client_SSL (object)

Enable or disable encrypted connections to backend servers

Properties (* = required):

name type(s) default allowed values description
/*/        
enabled boolean true true, false Enable encrypted connections to backend servers
event string “client-accepted” “client-accepted”, “proxy-request”, “request”, “proxy-connect”, “proxy-response”, “server-connected” When to run this event in the request-response cycle

Policy_Action_Drop (object)

Reset connection

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “ssl-client-hello” “proxy-request”, “request”, “ssl-client-hello”, “client-accepted” When to run this event in the request-response cycle

Policy_Action_Forward (object)

Controls where the system forwards a connection

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “ssl-client-hello” “client-accepted”, “ssl-client-hello”, “request” When to run this event in the request-response cycle

Policy_Action_Forward_Select (object)

Select appropriate location for forwarding the connection based on specified parameters

Properties (* = required):

name type(s) default allowed values description
/*/        
snat string   “disable”, “automap” Controls SNAT Automap

Policy_Action_HTTP (object)

Provides the ability to enable or disable BIG-IP’s HTTP filter processing

Properties (* = required):

name type(s) default allowed values description
/*/        
enabled boolean true true, false Enable BIG-IP’s HTTP filter processing
event string “request” “client-accepted”, “proxy-request”, “request”, “response”, “server-connected” When to run this event in the request-response cycle

Policy_Action_HTTP_Header (object)

Modify HTTP header in request or response

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “request”, “response” When to run this event in the request-response cycle

Policy_Action_HTTP_Redirect (object)

Redirect an HTTP request to a different URL

Properties (* = required):

name type(s) default allowed values description
/*/        
code integer   300 - 399 HTTP status code for the redirect. Note: code is only supported in TMOS version 14.0+.
event string “proxy-request” “proxy-request”, “request”, “response” When to run this event in the request-response cycle
location* string     The new URL for which the system will send a redirect response; you can use a Tcl command substitution for this field

Policy_Action_HTTP_URI (object)

Modify the request’s URI, path, or query string

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “request” When to run this event in the request-response cycle
replace* object     Replace URI, path, or query string in request

Policy_Action_HTTP_URI.replace (object)

Replace URI, path, or query string in request

Policy_Action_Log (object)

Writes messages to local or remote system log

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “ssl-client-hello” “classification-detected”, “client-accepted”, “proxy-connect”, “proxy-request”, “proxy-response”, “request”, “response”, “server-connected”, “ssl-client-hello”, “ssl-client-serverhello-send”, “ssl-server-handshake”, “ssl-server-hello”, “ws-request”, “ws-response” When to run this event in the request-response cycle
write* object     Write a message to the system log files

Policy_Action_Log.write (object)

Write a message to the system log files

Properties (* = required):

name type(s) default allowed values description
/*/        
facility string “local0” “authpriv”, “cron”, “daemon”, “ftp”, “kern”, “local0”, “local1”, “local2”, “local3”, “local4”, “local5”, “local6”, “local7”, “lpr”, “mail”, “news”, “security”, “user”, “uucp” Standard syslog facility associated with the message
ipAddress string   “f5ip” formatted string The IP address of the remote syslog server
message* string     The message to write to the system log. Can also be a Tcl command substitution
port integer 0 0 - 65535 The port number of the remote syslog server
priority string “info” “crit”, “debug”, “error”, “info”, “notice”, “warning” Standard syslog priority associated with the message

Policy_Action_Persist (object)

Control over how a connection is persisted

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “client-accepted” “client-accepted”, “proxy-request”, “request” When to run this event in the request-response cycle

Policy_Action_TCL (object)

Set a Tcl variable in runtime environment

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “proxy-request”, “request”, “response”, “ssl-client-hello”, “ssl-server-hello”, “ssl-server-handshake” When to run this event in the request-response cycle
setVariable* object     Set a Tcl variable in the runtime environment

Policy_Action_TCL.setVariable (object)

Set a Tcl variable in the runtime environment

Properties (* = required):

name type(s) default allowed values description
/*/        
expression* string     Tcl expression to evaluate
name* string     Name of variable

Policy_Action_WAF (object)

Control web security

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “client-accepted”, “proxy-request”, “request” When to run this event in the request-response cycle
policy object     Reference to a WAF policy

Policy_Action_WAF.policy (object)

Reference to a WAF policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP WAF policy
use string     AS3 pointer to WAF policy declaration

Policy_Compare_Number (object)

Perform a comparison against number values

Properties (* = required):

name type(s) default allowed values description
datagroup object     Reference to a data-group containing the values,Reference to a data-group containing the values
operand* string “equals” “equals”, “does-not-equal”, “less”, “greater”, “less-or-equal”, “greater-or-equal” Specifies the comparison the system should perform with values
values array     A list of numbers to do comparisons against

Policy_Compare_Number.datagroup (object)

Reference to a data-group containing the values Reference to a data-group containing the values

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Data-Group
use string     BIG-IP AS3 pointer to Data_Group

Policy_Compare_String (object)

Perform a comparison against string values

Properties (* = required):

name type(s) default allowed values description
caseSensitive boolean false true, false Specifies if the comparison the system should perform with case sensitivity
datagroup object     Reference to a data-group containing the values,Reference to a data-group containing the values
operand string “equals” “equals”, “does-not-equal”, “starts-with”, “does-not-start-with”, “ends-with”, “does-not-end-with”, “contains”, “does-not-contain”, “exists”, “does-not-exist” Specifies the comparison the system should perform with values. The operands exists and does-not-exist do not accept values and are available on BIGIP 15.0 and above.
values array     A list of strings to do comparisons against

Policy_Compare_String.datagroup (object)

Reference to a data-group containing the values Reference to a data-group containing the values

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Data-Group
use string     BIG-IP AS3 pointer to Data_Group

Policy_Condition (object)

LTM policy condition

Properties (* = required):

name type(s) default allowed values description
/*/        
type* string   “geoip”, “httpCookie”, “httpHeader”, “httpHost”, “httpMethod”, “httpStatus”, “httpUri”, “sslExtension”, “tcp” Selects the LTM policy condition this object describes

Policy_Condition_GeoIP (object)

Match against specific GeoIP properties

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “request”, “response”, “client-accepted”, “proxy-connect”, “proxy-request”, “proxy-response”, “server-connected”, “ssl-client-hello”, “ssl-client-serverhello-send”, “ssl-server-handshake”, “ssl-server-hello” When to evaluate this condition in the request-response cycle

Policy_Condition_HTTP_Header (object)

Match against any HTTP header

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “proxy-request” “proxy-request”, “request”, “proxy-connect”, “proxy-response”, “response” When to evaluate this condition in the request-response cycle

Policy_Condition_HTTP_Host (object)

Match against an HTTP request’s Host header

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “proxy-request” “proxy-request”, “request”, “proxy-connect” When to evaluate this condition in the request-response cycle

Policy_Condition_HTTP_Method (object)

Match against any HTTP method

Properties (* = required):

name type(s) default allowed values description
/*/        
all* object     Match on the full HTTP method,Perform a comparison against string values
event string “proxy-request” “proxy-request”, “request” When to evaluate this condition in the request-response cycle

Policy_Condition_HTTP_Method.all (object)

Match on the full HTTP method Perform a comparison against string values

Properties (* = required):

name type(s) default allowed values description
caseSensitive boolean false true, false Specifies if the comparison the system should perform with case sensitivity
datagroup object     Reference to a data-group containing the values,Reference to a data-group containing the values
operand string “equals” “equals”, “does-not-equal”, “starts-with”, “does-not-start-with”, “ends-with”, “does-not-end-with”, “contains”, “does-not-contain”, “exists”, “does-not-exist” Specifies the comparison the system should perform with values. The operands exists and does-not-exist do not accept values and are available on BIGIP 15.0 and above.
values array     A list of strings to do comparisons against

Policy_Condition_HTTP_Method.all.datagroup (object)

Reference to a data-group containing the values Reference to a data-group containing the values

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Data-Group
use string     BIG-IP AS3 pointer to Data_Group

Policy_Condition_HTTP_Status (object)

Match against an HTTP response’s status

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “proxy-response” “proxy-response”, “response” When to evaluate this condition in the request-response cycle

Policy_Condition_HTTP_URI (object)

Inspect the URI on a request and match on various parts or the entire URI

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “proxy-request”, “request” When to evaluate this condition in the request-response cycle

Policy_Condition_SSL_Extension (object)

Inspect SSL extensions being negotiated during HELLO phase

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “ssl-client-hello” “ssl-client-hello”, “ssl-server-hello” When to evaluate this condition in the request-response cycle

Policy_Condition_TCP (object)

Match against specific TCP properties

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “request”, “response”, “classification-detected”, “client-accepted”, “proxy-connect”, “proxy-request”, “proxy-response”, “server-connected”, “ssl-client-hello”, “ssl-client-serverhello-send”, “ssl-server-handshake”, “ssl-server-hello”, “ws-request”, “ws-response” When to evaluate this condition in the request-response cycle

Policy_Match_String (object)

Perform a comparison that either matches or does-not-match

Properties (* = required):

name type(s) default allowed values description
datagroup object     Reference to a data-group containing the values,Reference to a data-group containing the values
operand string “matches” “matches”, “does-not-match” Specifies the comparison
values array     A list of strings to compare against

Policy_Match_String.datagroup (object)

Reference to a data-group containing the values Reference to a data-group containing the values

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Data-Group
use string     BIG-IP AS3 pointer to Data_Group